Well, anybody wanting to add a keylogger into a package could just throw in some mail utilities while they're at it...

(OMG! Another bright idea no other person could ever come up with on his own! I've just inspired the ID theft of two and forty score people!)

That leads to one way you could possibly identify a suspicious package: make sure it isn't abnormally large. Also, you can extract (without installing) a package like this:
pet2tgz somepackage.pet
tar -xf somepackage.tar.gz
Then the package's contents will be inside the somepackage/ directory, so you can look around and make sure there aren't any suspicious files. In particular, look for things in auto-run directories like etc/init.d, etc/profile.d, and root/Startup. Also beware of replaced system files like /root/.xinitrc, /etc/profile, and stuff in /etc/rc.d/. And if there's a pinstall.sh script, read it to be sure there's nothing nefarious in that.

That doesn't help if the malware is compiled into the programs or libraries though.

(Oh snap, another inspiration!)

I'd better not mention the madness that could happen if the package also replaced things like ps, kill or even the kernel so that all this malware they're installing wouldn't turn up in the process list, nor be killable...

There is a reason that people recommend keeping a list of md5sums for all system files so you can tell when they change (assuming nobody modifies the list - store a hard copy outside the system so that that isn't a possibility unless you're dealing with people who have physical access to your stuff)

I would do that myself, if I didn't change things around so often that it would be more hassle than it's worth.

EDIT: With non-Full Puppy installs, you can look in /initrd/pup_rw/ to get an idea of what files have changed or been added from the default installation. That doesn't take into account anything added through a .sfs file, nor anything added by modifying the pup_xxx.sfs file (not normally possible - it's a readonly filesystem due to being compressed, but it could still be replaced, and I think you can append to it.)

(Whoops, out slips another one...)

I say, best to know how they can hit you, then figure out how to block it, rather than suppress the knowledge in the hopes that the crooks won't figure it out on their own. And yeah, I'm against gun bans, and my neck is a little red in the summer. And there ain't nuthin wrong with a pick-em-up truck, 'cept they tend to burn more gas than a small car or motorcycle.
[/rant]_________________Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

However, before everyione goes off topic, merlin026 revealed the real reason [?] for suggesting a keylogger was for 'parental control'

I posted a link to dansguardian, which performs that function without a keylogger in sight, & since other parents may be wanting 'parental control' also, I suggest those who want to get paranoia/911 blues start a new thread, and any other ideas for 'parental control' be continued here.....

Thanks for this suggestion ttuuxxx . I wanted to give my sons the simplicity linux netbook edition (90meg) on a flashdrive to use for school papers but I could not figure out how to add a pornblocker, since dansguardian is a little tricky and takes up precious memory.

Also another firefox add on that works nicely together with procon latte is Foxfilter.

It has a preloaded list of "allowed" sites such as the discovery channel/homework sites etc which no-one would really object their kids looking at (unless they were religious fundamentalists/creationists/flat earthers/Amish) Every new site the child tries to access, is denied and the url sent to the parent account for him/her to pre-read and either approve or deny access to for the child.

This is good because the Parents can judge, according to their standards, what is suitable for their child to see, based on their own moral values and/or the childs "mental age". This is much better than censoring the whole internet!

Dansguardian is a pain to set up, a preconfigured package would great to set up. We used a Dansguardian mod on Smoothwall at the cybercafe I ran, and it was VERY effective at filtering there, and practically unhackable as the filtering was done before the connection got to the puppy machine. We will be using the same at the mission cybercafe (all those sailors coming off long voyages etc etc )

@ Ttuuxxx

Perhaps you could write a patch that would mean the keylogger above would not work in puppy?_________________Puppy Linux's Mission

I only see Firefox referenced and while they share base-code not everything is cross-compatible._________________Thanks! DavidHome page: http://nevils-station.comDon't googleSearch!http://duckduckgo.com
Puppy Carolina 1.3 & Lighthouse64-b602